Active Directory Server SSL Certificate

wagnewal

Cadet
Joined
Nov 10, 2019
Messages
1
Hello!
I want to ask if I misunderstood something in the Active Directory settings of FreeNAS 11.3.

If I open the help dialog of "Certificate" in advanced settings in "Directory Services" > "Active Directory", I can read the following text:
Select the certificate of the Active Directory server if SSL connections are used. Add a certificate here by creating a CA, then creating a certificate on the Active Directory server. Import the certificate on this system with the Certificates menu.

So I imported several certificates (including the one from my AD DC) in "System" > "Certificates", but none of these certificates are listed in this pull-down menu.
Instead of listing them, the pull-down menu lists all my imported intermediate and root certificates from "System" > "CAs". Is this a bug in the software or a mistake in the help text?

Also, the help text is missing an explanation of the purpose of this setting. Is it the certificate which is imported into a trust store to validate the AD DC cert?

many thanks
Walter
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,543
If you need to import a CA cert, you just upload it through the GUI and it's automatically added to the list of trusted CAs for LDAPs. If you need to perform a SASL external bind to the LDAP server (as a client), then you can specify an LDAP client certificate (for certificate-based authentication). In almost all cases you will _not_ need to select or add a client certificate. You just need to select "ON" under encryption mode to use LDAPs.
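
The two roles described in the answer above, as an added example that is not part of the original posts and is not FreeNAS code: the CA file is the trust anchor used to validate the DC's LDAPS certificate, and a client certificate is loaded only for certificate-based (SASL EXTERNAL) binds. The function names, host name and file paths are assumptions made for this sketch.

```python
import socket
import ssl
import sys


def ldaps_context(ca_file=None, client_cert=None, client_key=None):
    """Build a TLS context for an LDAPS client (hypothetical helper).

    ca_file     -- PEM of the CA that issued the DC certificate. When given,
                   it is the ONLY trust anchor; when None, the system store
                   is used instead.
    client_cert -- PEM client certificate, needed only for SASL EXTERNAL.
    client_key  -- PEM private key matching client_cert.
    """
    # create_default_context() enables CERT_REQUIRED and hostname checking.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    if client_cert:
        # Optional: present our own identity to the server.
        ctx.load_cert_chain(client_cert, client_key)
    return ctx


def check_ldaps(host, ctx, port=636, timeout=5.0):
    """Attempt a TLS handshake with the LDAPS port; return (ok, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                cn = issuer.get("commonName")
                return True, f"{tls.version()} issuer={cn}"
    except ssl.SSLCertVerificationError as exc:
        # Chain does not lead to ca_file, or the name does not match.
        return False, f"certificate rejected: {exc.verify_message}"
    except OSError as exc:
        return False, f"connection failed: {exc}"


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_ldaps.py <dc-hostname> <ca-file.pem>")
    # No client certificate: the common case described in the answer.
    ok, detail = check_ldaps(sys.argv[1], ldaps_context(ca_file=sys.argv[2]))
    print("OK" if ok else "FAIL", detail)
```

A "certificate rejected" result with the imported CA file means the DC certificate does not chain to that CA or its name does not match the host name used to connect.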
 